mirror of
https://github.com/vanhauser-thc/thc-hydra.git
synced 2025-07-06 04:51:40 -07:00
Compare commits
76 commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
96b42617d7 | ||
|
cbd08d5702 | ||
|
|
8e6ccbba8e | ||
|
5ddee91edc | ||
|
|
e762093915 | ||
|
f80dc5aa02 | ||
|
|
b763262c4a | ||
|
|
5dbcfdc362 | ||
|
21262626e0 | ||
|
1af1682414 | ||
|
|
b5eb38e48f | ||
|
|
5f706c7071 | ||
|
|
bc48f7625b | ||
|
369374b166 | ||
|
|
17c6228f7b | ||
|
|
3635dff5ff | ||
|
|
c57df67aeb | ||
|
|
3c233fdbc0 | ||
|
|
b81105f6af | ||
|
|
aae8baae83 | ||
|
|
ba45db1496 | ||
|
|
ad286790ca | ||
|
|
9bf9f8ba76 | ||
|
|
b8ea180d85 | ||
|
|
74b37e24c8 | ||
|
|
79f7d52ba2 | ||
|
|
7bf582699d | ||
|
|
4fad67d307 | ||
|
|
5eea263707 | ||
|
|
8faf1984d8 | ||
|
|
f632c7231e | ||
|
|
2c50bb8e6d | ||
|
|
a8f80debed | ||
|
|
3cc53fe778 | ||
|
|
6aaeee97a3 | ||
|
|
4fb430b18e | ||
|
|
e4367b2f13 | ||
|
|
b19b39c575 | ||
|
|
db099fcdac | ||
|
|
ba9a3ba8de | ||
|
|
65c897da68 | ||
|
80a11bb1e0 | ||
|
|
6cca92477e | ||
|
|
5e01d0d4e5 | ||
|
|
373da88a7e | ||
|
|
57216f5ce6 | ||
|
|
71c846d14f | ||
|
|
0b7d3c4bbf | ||
|
7545077a16 | ||
|
|
eb7ab3907b | ||
|
eaf17e9d5d | ||
|
|
03cdc31f98 | ||
|
82fd1a3ca0 | ||
|
|
8c4165a83b | ||
|
|
438e4fa537 | ||
|
|
02e0c8ce3e | ||
|
|
fb090d4bf9 | ||
|
|
9269d54ca4 | ||
|
|
48c1e20985 | ||
|
15b1f93903 | ||
|
|
e950212789 | ||
|
1dce42a0cc | ||
|
|
16b424af4d | ||
|
|
b4a2b0b4ef | ||
|
d2363dc99e | ||
|
|
568ef74e0d | ||
|
|
93abd60fc9 | ||
|
fb964fc113 | ||
|
|
e5c9eb6ab7 | ||
|
310068c9ca | ||
|
|
8a2df9b8f2 | ||
|
|
b8feed0e5d | ||
|
bb0fc93539 | ||
|
|
888da899f9 | ||
|
58256c8b4f | ||
|
|
28f073fd79 |
32 changed files with 597 additions and 176 deletions
2
CHANGES
2
CHANGES
|
|
@ -2,6 +2,8 @@ Changelog for hydra
|
|||
-------------------
|
||||
|
||||
Release 9.5
|
||||
* many modules did not support -W (all those that used a library for the
|
||||
connection). All (or most?) should be fixed now.
|
||||
* http-form:
|
||||
- The help for http-form was wrong. the condition variable must always be
|
||||
the *last* parameter, not the third
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
FROM debian:buster-slim
|
||||
FROM debian:bookworm-slim
|
||||
|
||||
ARG HYDRA_VERSION="github"
|
||||
|
||||
|
|
|
|||
2
INSTALL
2
INSTALL
|
|
@ -24,5 +24,5 @@ https://wiki.termux.com/wiki/Graphical_Environment
|
|||
|
||||
|
||||
For the Oracle login module, install the basic and SDK packages:
|
||||
http://www.oracle.com/technetwork/database/features/instant-client/index.html
|
||||
https://www.oracle.com/database/technologies/instant-client/downloads.html
|
||||
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
WARN_CLANG=-Wformat-nonliteral -Wstrncat-size -Wformat-security -Wsign-conversion -Wconversion -Wfloat-conversion -Wshorten-64-to-32 -Wuninitialized -Wmissing-variable-declarations -Wmissing-declarations
|
||||
WARN_GCC=-Wformat=2 -Wformat-overflow=2 -Wformat-nonliteral -Wformat-truncation=2 -Wnull-dereference -Wstrict-overflow=2 -Wstringop-overflow=4 -Walloca-larger-than=4096 -Wtype-limits -Wconversion -Wtrampolines -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -fno-common -Wcast-align
|
||||
CFLAGS ?= -g
|
||||
OPTS=-I. -O3 $(CFLAGS) -fcommon
|
||||
OPTS=-I. -O3 $(CFLAGS) -fcommon -Wno-deprecated-declarations
|
||||
CPPFLAGS += -D_GNU_SOURCE
|
||||
# -Wall -g -pedantic
|
||||
LIBS=-lm
|
||||
|
|
|
|||
4
README
4
README
|
|
@ -96,7 +96,7 @@ for a few optional modules (note that some might not be available on your distri
|
|||
apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \
|
||||
libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \
|
||||
firebird-dev libmemcached-dev libgpg-error-dev \
|
||||
libgcrypt11-dev libgcrypt20-dev
|
||||
libgcrypt11-dev libgcrypt20-dev freetds-dev
|
||||
```
|
||||
|
||||
This enables all optional modules and features with the exception of Oracle,
|
||||
|
|
@ -267,7 +267,7 @@ Examples:
|
|||
-x 1:3:a generate passwords from length 1 to 3 with all lowercase letters
|
||||
-x 2:5:/ generate passwords from length 2 to 5 containing only slashes
|
||||
-x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers
|
||||
-x '3:3:aA1&~#\\ "\'<{([-|_^@)]=}>$%*?./§,;:!`' -v generates lenght 3 passwords with all 95 characters, and verbose.
|
||||
-x '3:3:aA1&~#\\ "\'<{([-|_^@)]=}>$%*?./§,;:!`' -v generates length 3 passwords with all 95 characters, and verbose.
|
||||
```
|
||||
|
||||
Example:
|
||||
|
|
|
|||
37
configure
vendored
37
configure
vendored
|
|
@ -185,6 +185,32 @@ else
|
|||
echo " ... zlib not found, gzip support disabled"
|
||||
fi
|
||||
|
||||
echo "Checking for sybdb (sybdb.h) ..."
|
||||
for i in $INCDIRS; do
|
||||
if [ -f "$i/sybdb.h" ]; then
|
||||
HAVE_SYBDB="y"
|
||||
fi
|
||||
done
|
||||
|
||||
if [ -n "$HAVE_SYBDB" ]; then
|
||||
echo " ... found"
|
||||
else
|
||||
echo " ... sybdb not found, MSSQL module will lack TDSv7 support"
|
||||
fi
|
||||
|
||||
echo "Checking for sybfront (sybfront.h) ..."
|
||||
for i in $INCDIRS; do
|
||||
if [ -f "$i/sybfront.h" ]; then
|
||||
HAVE_SYBFRONT="y"
|
||||
fi
|
||||
done
|
||||
|
||||
if [ -n "$HAVE_SYBFRONT" ]; then
|
||||
echo " ... found"
|
||||
else
|
||||
echo " ... sybfront not found, MSSQL module will lack TDSv7 support"
|
||||
fi
|
||||
|
||||
echo "Checking for openssl (libssl/libcrypto/ssl.h/sha.h) ..."
|
||||
if [ "X" != "X$DEBUG" ]; then
|
||||
echo DEBUG: SSL_LIB=$LIBDIRS `ls -d /*ssl /usr/*ssl /opt/*ssl /usr/local/*ssl /opt/local/*ssl /*ssl/lib /usr/*ssl/lib /opt/*ssl/lib /usr/local/*ssl/lib /opt/local/*ssl/lib 2> /dev/null`
|
||||
|
|
@ -966,7 +992,7 @@ if [ -n "$ORACLE_PATH" -a -n "$ORACLE_IPATH" ]; then
|
|||
fi
|
||||
if [ "X" = "X$ORACLE_PATH" -o "X" = "X$ORACLE_IPATH" ]; then
|
||||
echo " ... NOT found, module Oracle disabled"
|
||||
echo "Get basic and sdk package from http://www.oracle.com/technetwork/database/features/instant-client/index.html"
|
||||
echo "Get basic and sdk package from https://www.oracle.com/database/technologies/instant-client/downloads.html"
|
||||
ORACLE_PATH=""
|
||||
ORACLE_IPATH=""
|
||||
fi
|
||||
|
|
@ -1496,6 +1522,12 @@ fi
|
|||
if [ -n "$RSA" ]; then
|
||||
XDEFINES="$XDEFINES -DNO_RSA_LEGACY"
|
||||
fi
|
||||
if [ -n "$HAVE_SYBDB" ]; then
|
||||
XDEFINES="$XDEFINES -DHAVE_SYBDB"
|
||||
fi
|
||||
if [ -n "$HAVE_SYBFRONT" ]; then
|
||||
XDEFINES="$XDEFINES -DHAVE_SYBFRONT"
|
||||
fi
|
||||
if [ -n "$HAVE_ZLIB" ]; then
|
||||
XDEFINES="$XDEFINES -DHAVE_ZLIB"
|
||||
fi
|
||||
|
|
@ -1627,6 +1659,9 @@ fi
|
|||
if [ -n "$HAVE_ZLIB" ]; then
|
||||
XLIBS="$XLIBS -lz"
|
||||
fi
|
||||
if [ -n "$HAVE_SYBDB" ]; then
|
||||
XLIBS="$XLIBS -lsybdb"
|
||||
fi
|
||||
if [ -n "$CURSES_PATH" ]; then
|
||||
XLIBS="$XLIBS -lcurses"
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@ void dummy_firebird() { printf("\n"); }
|
|||
|
||||
#define DEFAULT_DB "C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb"
|
||||
|
||||
extern hydra_option hydra_options;
|
||||
extern char *HYDRA_EXIT;
|
||||
|
||||
int32_t start_firebird(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
|
||||
|
|
@ -124,6 +125,8 @@ void service_firebird(char *ip, int32_t sp, unsigned char options, char *miscptr
|
|||
*/
|
||||
|
||||
next_run = start_firebird(sock, ip, port, options, miscptr, fp);
|
||||
if ((next_run == 1 || next_run == 2) && hydra_options.conwait)
|
||||
sleep(hydra_options.conwait);
|
||||
break;
|
||||
case 3:
|
||||
|
||||
|
|
|
|||
12
hydra-ftp.c
12
hydra-ftp.c
|
|
@ -26,8 +26,10 @@ int32_t start_ftp(int32_t s, char *ip, int32_t port, unsigned char options, char
|
|||
if (verbose)
|
||||
printf("[INFO] user %s does not exist, skipping\n", login);
|
||||
hydra_completed_pair_skip();
|
||||
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
|
||||
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) {
|
||||
free(buf);
|
||||
return 4;
|
||||
}
|
||||
free(buf);
|
||||
return 1;
|
||||
}
|
||||
|
|
@ -35,8 +37,10 @@ int32_t start_ftp(int32_t s, char *ip, int32_t port, unsigned char options, char
|
|||
if (buf[0] == '2') {
|
||||
hydra_report_found_host(port, ip, "ftp", fp);
|
||||
hydra_completed_pair_found();
|
||||
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
|
||||
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) {
|
||||
free(buf);
|
||||
return 4;
|
||||
}
|
||||
free(buf);
|
||||
return 1;
|
||||
}
|
||||
|
|
@ -61,8 +65,10 @@ int32_t start_ftp(int32_t s, char *ip, int32_t port, unsigned char options, char
|
|||
if (buf[0] == '2') {
|
||||
hydra_report_found_host(port, ip, "ftp", fp);
|
||||
hydra_completed_pair_found();
|
||||
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
|
||||
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) {
|
||||
free(buf);
|
||||
return 4;
|
||||
}
|
||||
free(buf);
|
||||
return 1;
|
||||
}
|
||||
|
|
|
|||
201
hydra-http-form.c
Normal file → Executable file
201
hydra-http-form.c
Normal file → Executable file
|
|
@ -66,6 +66,8 @@ int32_t success_cond = 0;
|
|||
int32_t getcookie = 1;
|
||||
int32_t auth_flag = 0;
|
||||
int32_t code_302_is_success = 0;
|
||||
int32_t code_401_is_failure = 0;
|
||||
int32_t multipart_mode = 0;
|
||||
|
||||
char cookie[4096] = "", cmiscptr[1024];
|
||||
|
||||
|
|
@ -314,10 +316,15 @@ void hdrrep(ptr_header_node *ptr_head, char *oldvalue, char *newvalue) {
|
|||
|
||||
for (cur_ptr = *ptr_head; cur_ptr; cur_ptr = cur_ptr->next) {
|
||||
if ((cur_ptr->type == HEADER_TYPE_USERHEADER || cur_ptr->type == HEADER_TYPE_USERHEADER_REPL) && strstr(cur_ptr->value, oldvalue)) {
|
||||
cur_ptr->value = (char *)realloc(cur_ptr->value, strlen(newvalue) + 1);
|
||||
if (cur_ptr->value)
|
||||
strcpy(cur_ptr->value, newvalue);
|
||||
else {
|
||||
size_t oldlen = strlen(oldvalue);
|
||||
size_t newlen = strlen(newvalue);
|
||||
if (oldlen != newlen)
|
||||
cur_ptr->value = (char *)realloc(cur_ptr->value, strlen(cur_ptr->value) - oldlen + newlen + 1);
|
||||
if (cur_ptr->value) {
|
||||
char *p = strstr(cur_ptr->value, oldvalue);
|
||||
memmove(p + newlen, p + oldlen, strlen(p + oldlen) + 1);
|
||||
memcpy(p, newvalue, newlen);
|
||||
} else {
|
||||
hydra_report(stderr, "[ERROR] Out of memory (hddrep).\n");
|
||||
hydra_child_exit(0);
|
||||
}
|
||||
|
|
@ -384,7 +391,7 @@ char *stringify_headers(ptr_header_node *ptr_head) {
|
|||
}
|
||||
|
||||
int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) {
|
||||
char *ptr, *ptr2;
|
||||
char *ptr, *ptr2, *tmp;
|
||||
|
||||
if (miscptr == NULL)
|
||||
return 1;
|
||||
|
|
@ -432,9 +439,26 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) {
|
|||
sprintf(cookieurl, "%.1000s", hydra_strrep(miscptr + 2, "\\:", ":"));
|
||||
miscptr = ptr;
|
||||
break;
|
||||
case '1':
|
||||
code_401_is_failure = 1;
|
||||
tmp = strchr(miscptr, ':');
|
||||
if (tmp)
|
||||
miscptr = tmp + 1;
|
||||
else
|
||||
miscptr += strlen(miscptr);
|
||||
break;
|
||||
case '2':
|
||||
code_302_is_success = 1;
|
||||
char *tmp = strchr(miscptr, ':');
|
||||
tmp = strchr(miscptr, ':');
|
||||
if (tmp)
|
||||
miscptr = tmp + 1;
|
||||
else
|
||||
miscptr += strlen(miscptr);
|
||||
break;
|
||||
case 'm': // fall through
|
||||
case 'M':
|
||||
multipart_mode = 1;
|
||||
tmp = strchr(miscptr, ':');
|
||||
if (tmp)
|
||||
miscptr = tmp + 1;
|
||||
else
|
||||
|
|
@ -518,6 +542,97 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) {
|
|||
return 1;
|
||||
}
|
||||
|
||||
char *build_multipart_body(char *multipart_boundary) {
|
||||
if (!variables)
|
||||
return NULL;
|
||||
|
||||
char *body = NULL;
|
||||
size_t body_size = 0;
|
||||
|
||||
// Duplicate "variables" for tokenizing
|
||||
char *vars_dup = strdup(variables);
|
||||
if (!vars_dup)
|
||||
return NULL;
|
||||
|
||||
// Tokenize the string using '&' as a delimiter
|
||||
char *pair = strtok(vars_dup, "&");
|
||||
while (pair != NULL) {
|
||||
// Find the '=' separator in each pair
|
||||
char *equal_sign = strchr(pair, '=');
|
||||
if (!equal_sign) {
|
||||
pair = strtok(NULL, "&");
|
||||
continue;
|
||||
}
|
||||
*equal_sign = '\0';
|
||||
char *key = pair;
|
||||
char *value = equal_sign + 1;
|
||||
|
||||
// Build the multipart section for the field
|
||||
int section_len = snprintf(NULL, 0,
|
||||
"--%s\r\n"
|
||||
"Content-Disposition: form-data; name=\"%s\"\r\n"
|
||||
"\r\n"
|
||||
"%s\r\n",
|
||||
multipart_boundary, key, value);
|
||||
|
||||
char *section = malloc(section_len + 1);
|
||||
if (!section) {
|
||||
free(body);
|
||||
free(vars_dup);
|
||||
return NULL;
|
||||
}
|
||||
snprintf(section, section_len + 1,
|
||||
"--%s\r\n"
|
||||
"Content-Disposition: form-data; name=\"%s\"\r\n"
|
||||
"\r\n"
|
||||
"%s\r\n",
|
||||
multipart_boundary, key, value);
|
||||
|
||||
// Reallocate the body buffer to add this section
|
||||
size_t new_body_size = body_size + section_len;
|
||||
char *new_body = realloc(body, new_body_size + 1); // +1 for null terminator
|
||||
if (!new_body) {
|
||||
free(section);
|
||||
free(body);
|
||||
free(vars_dup);
|
||||
return NULL;
|
||||
}
|
||||
body = new_body;
|
||||
if (body_size == 0)
|
||||
strcpy(body, section);
|
||||
else
|
||||
strcat(body, section);
|
||||
body_size = new_body_size;
|
||||
free(section);
|
||||
|
||||
pair = strtok(NULL, "&");
|
||||
}
|
||||
free(vars_dup);
|
||||
|
||||
// Append the closing boundary: --<boundary>--\r\n
|
||||
int closing_len = snprintf(NULL, 0, "--%s--\r\n", multipart_boundary);
|
||||
char *closing = malloc(closing_len + 1);
|
||||
if (!closing) {
|
||||
free(body);
|
||||
return NULL;
|
||||
}
|
||||
snprintf(closing, closing_len + 1, "--%s--\r\n", multipart_boundary);
|
||||
|
||||
size_t final_size = body_size + closing_len;
|
||||
char *final_body = realloc(body, final_size + 1);
|
||||
if (!final_body) {
|
||||
free(closing);
|
||||
free(body);
|
||||
return NULL;
|
||||
}
|
||||
body = final_body;
|
||||
strcat(body, closing);
|
||||
free(closing);
|
||||
|
||||
return body;
|
||||
}
|
||||
|
||||
|
||||
char *prepare_http_request(char *type, char *path, char *params, char *headers) {
|
||||
uint32_t reqlen = 0;
|
||||
char *http_request = NULL;
|
||||
|
|
@ -726,7 +841,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
|
|||
char *http_request = NULL;
|
||||
int32_t found = !success_cond, i, j;
|
||||
char content_length[MAX_CONTENT_LENGTH], proxy_string[MAX_PROXY_LENGTH];
|
||||
|
||||
char content_type[256];
|
||||
memset(header, 0, sizeof(header));
|
||||
cookie[0] = 0; // reset cookies from potential previous attempt
|
||||
|
||||
|
|
@ -746,11 +861,24 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
|
|||
clogin[sizeof(clogin) - 1] = 0;
|
||||
strncpy(cpass, html_encode(pass), sizeof(cpass) - 1);
|
||||
cpass[sizeof(cpass) - 1] = 0;
|
||||
upd3variables = hydra_strrep(variables, "^USER^", clogin);
|
||||
|
||||
if (multipart_mode) {
|
||||
snprintf(content_type, sizeof(content_type), "multipart/form-data; boundary=----THC-HydraBoundaryz2Z2z");
|
||||
char *multipart_body = build_multipart_body("----THC-HydraBoundaryz2Z2z");
|
||||
upd3variables = multipart_body;
|
||||
|
||||
}else{
|
||||
snprintf(content_type, sizeof(content_type), "application/x-www-form-urlencoded");
|
||||
upd3variables = variables;
|
||||
}
|
||||
|
||||
upd3variables = hydra_strrep(upd3variables, "^USER^", clogin);
|
||||
upd3variables = hydra_strrep(upd3variables, "^PASS^", cpass);
|
||||
upd3variables = hydra_strrep(upd3variables, "^USER64^", b64login);
|
||||
upd3variables = hydra_strrep(upd3variables, "^PASS64^", b64pass);
|
||||
|
||||
|
||||
|
||||
// Replace the user/pass placeholders in the user-supplied headers
|
||||
hdrrep(&ptr_head, "^USER^", clogin);
|
||||
hdrrep(&ptr_head, "^PASS^", cpass);
|
||||
|
|
@ -782,7 +910,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
|
|||
else
|
||||
add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT);
|
||||
if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT))
|
||||
add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT);
|
||||
add_header(&ptr_head, "Content-Type", content_type, HEADER_TYPE_DEFAULT);
|
||||
if (cookie_header != NULL)
|
||||
free(cookie_header);
|
||||
cookie_header = stringify_cookies(ptr_cookie);
|
||||
|
|
@ -796,8 +924,10 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
|
|||
if (http_request != NULL)
|
||||
free(http_request);
|
||||
http_request = prepare_http_request("POST", proxy_string, upd3variables, normal_request);
|
||||
if (hydra_send(s, http_request, strlen(http_request), 0) < 0)
|
||||
if (hydra_send(s, http_request, strlen(http_request), 0) < 0) {
|
||||
free(cookie_header);
|
||||
return 1;
|
||||
}
|
||||
} else {
|
||||
if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT))
|
||||
hdrrepv(&ptr_head, "Content-Length", "0");
|
||||
|
|
@ -814,9 +944,11 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
|
|||
if (http_request != NULL)
|
||||
free(http_request);
|
||||
http_request = prepare_http_request("GET", proxy_string, upd3variables, normal_request);
|
||||
if (hydra_send(s, http_request, strlen(http_request), 0) < 0)
|
||||
if (hydra_send(s, http_request, strlen(http_request), 0) < 0) {
|
||||
free(cookie_header);
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
if (use_proxy == 1) {
|
||||
// proxy without authentication
|
||||
|
|
@ -844,7 +976,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
|
|||
else
|
||||
add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT);
|
||||
if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT))
|
||||
add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT);
|
||||
add_header(&ptr_head, "Content-Type", content_type, HEADER_TYPE_DEFAULT);
|
||||
if (cookie_header != NULL)
|
||||
free(cookie_header);
|
||||
cookie_header = stringify_cookies(ptr_cookie);
|
||||
|
|
@ -858,8 +990,10 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
|
|||
if (http_request != NULL)
|
||||
free(http_request);
|
||||
http_request = prepare_http_request("POST", proxy_string, upd3variables, normal_request);
|
||||
if (hydra_send(s, http_request, strlen(http_request), 0) < 0)
|
||||
if (hydra_send(s, http_request, strlen(http_request), 0) < 0) {
|
||||
free(cookie_header);
|
||||
return 1;
|
||||
}
|
||||
} else {
|
||||
if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT))
|
||||
hdrrepv(&ptr_head, "Content-Length", "0");
|
||||
|
|
@ -876,9 +1010,11 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
|
|||
if (http_request != NULL)
|
||||
free(http_request);
|
||||
http_request = prepare_http_request("GET", proxy_string, upd3variables, normal_request);
|
||||
if (hydra_send(s, http_request, strlen(http_request), 0) < 0)
|
||||
if (hydra_send(s, http_request, strlen(http_request), 0) < 0) {
|
||||
free(cookie_header);
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
// direct web server, no proxy
|
||||
normal_request = NULL;
|
||||
|
|
@ -907,7 +1043,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
|
|||
else
|
||||
add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT);
|
||||
if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT))
|
||||
add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT);
|
||||
add_header(&ptr_head, "Content-Type", content_type, HEADER_TYPE_DEFAULT);
|
||||
if (cookie_header != NULL)
|
||||
free(cookie_header);
|
||||
cookie_header = stringify_cookies(ptr_cookie);
|
||||
|
|
@ -921,8 +1057,10 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
|
|||
if (http_request != NULL)
|
||||
free(http_request);
|
||||
http_request = prepare_http_request("POST", url, upd3variables, normal_request);
|
||||
if (hydra_send(s, http_request, strlen(http_request), 0) < 0)
|
||||
if (hydra_send(s, http_request, strlen(http_request), 0) < 0) {
|
||||
free(cookie_header);
|
||||
return 1;
|
||||
}
|
||||
} else {
|
||||
if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT))
|
||||
hdrrepv(&ptr_head, "Content-Length", "0");
|
||||
|
|
@ -939,11 +1077,13 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
|
|||
if (http_request != NULL)
|
||||
free(http_request);
|
||||
http_request = prepare_http_request("GET", url, upd3variables, normal_request);
|
||||
if (hydra_send(s, http_request, strlen(http_request), 0) < 0)
|
||||
if (hydra_send(s, http_request, strlen(http_request), 0) < 0) {
|
||||
free(cookie_header);
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (debug)
|
||||
hydra_report_debug(stdout, "HTTP request sent:\n%s\n", http_request);
|
||||
|
|
@ -954,13 +1094,18 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
|
|||
found = success_cond;
|
||||
}
|
||||
|
||||
if (auth_flag) { // we received a 401 error - user is using wrong module
|
||||
if (auth_flag) { // we received a 401 error - user may be using wrong module
|
||||
if (code_401_is_failure) { // apparently they don't think so -- treat 401 as failure
|
||||
hydra_completed_pair();
|
||||
return 1;
|
||||
} else {
|
||||
hydra_report(stderr,
|
||||
"[ERROR] the target is using HTTP auth, not a web form, received HTTP "
|
||||
"error code 401. Use module \"http%s-get\" instead.\n",
|
||||
"[ERROR] received HTTP error code 401. The target may be using HTTP auth, "
|
||||
"not a web form. Use module \"http%s-get\" instead, or set \"1=\".\n",
|
||||
(options & OPTION_SSL) > 0 ? "s" : "");
|
||||
return 2;
|
||||
}
|
||||
}
|
||||
|
||||
if (strlen(cookie) > 0)
|
||||
process_cookies(&ptr_cookie, cookie);
|
||||
|
|
@ -1105,8 +1250,10 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
|
|||
|
||||
hydra_reconnect(s, ip, port, options, hostname);
|
||||
|
||||
if (hydra_send(s, http_request, strlen(http_request), 0) < 0)
|
||||
if (hydra_send(s, http_request, strlen(http_request), 0) < 0) {
|
||||
free(cookie_header);
|
||||
return 1;
|
||||
}
|
||||
|
||||
found = analyze_server_response(s);
|
||||
if (strlen(cookie) > 0)
|
||||
|
|
@ -1443,8 +1590,10 @@ void usage_http_form(const char *service) {
|
|||
" the sent/received data!\n"
|
||||
" Note that using invalid login condition checks can result in false positives!\n"
|
||||
"\nThe following parameters are optional and are put between the form parameters\n"
|
||||
" and the condition string; seperate them too with colons:\n"
|
||||
"and the condition string; seperate them too with colons:\n"
|
||||
" 1= 401 error response is interpreted as user/pass wrong\n"
|
||||
" 2= 302 page forward return codes identify a successful attempt\n"
|
||||
" M= attack forms that use multipart format\n"
|
||||
" (c|C)=/page/uri to define a different page to gather initial "
|
||||
"cookies from\n"
|
||||
" (g|G)= skip pre-requests - only use this when no pre-cookies are required\n"
|
||||
|
|
@ -1475,6 +1624,12 @@ void usage_http_form(const char *service) {
|
|||
" \"/exchweb/bin/auth/:F=failed"
|
||||
"owaauth.dll:destination=http%%3A%%2F%%2F<target>%%2Fexchange&flags=0&"
|
||||
"username=<domain>%%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:"
|
||||
"C=/exchweb\":reason=\n",
|
||||
"C=/exchweb\":reason=\n"
|
||||
"To attack multiple targets, you can use the -M option with a file "
|
||||
"containing the targets and their parameters.\n"
|
||||
"Example file content:\n"
|
||||
" localhost:8443/login:type=login&login=^USER^&password=^PASS^:h=test\\: header:F=401\n"
|
||||
" localhost:9443/login2:type=login&login=^USER^&password=^PASS^:h=test\\: header:F=302\n"
|
||||
" ...\n\n",
|
||||
service);
|
||||
}
|
||||
|
|
|
|||
10
hydra-http.c
Normal file → Executable file
10
hydra-http.c
Normal file → Executable file
|
|
@ -451,7 +451,7 @@ int32_t service_http_init(char *ip, int32_t sp, unsigned char options, char *mis
|
|||
start--;
|
||||
memset(start, '\0', condition_len);
|
||||
if (debug)
|
||||
hydra_report(stderr, "Modificated options:%s\n", miscptr);
|
||||
hydra_report(stderr, "Modified options:%s\n", miscptr);
|
||||
} else {
|
||||
if (debug)
|
||||
hydra_report(stderr, "Condition not found\n");
|
||||
|
|
@ -474,6 +474,12 @@ void usage_http(const char *service) {
|
|||
" combination is invalid. Note: this must be the last option "
|
||||
"supplied.\n"
|
||||
"For example: \"/secret\" or \"http://bla.com/foo/bar:H=Cookie\\: "
|
||||
"sessid=aaaa\" or \"https://test.com:8080/members:A=NTLM\"\n\n",
|
||||
"sessid=aaaa\" or \"https://test.com:8080/members:A=NTLM\"\n"
|
||||
"To attack multiple targets, you can use the -M option with a file "
|
||||
"containing the targets and their parameters.\n"
|
||||
"Example file content:\n"
|
||||
" localhost:5000/protected:A=BASIC\n"
|
||||
" localhost:5002/protected_path:A=NTLM\n"
|
||||
" ...\n\n",
|
||||
service);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -13,6 +13,7 @@ void dummy_mcached() { printf("\n"); }
|
|||
|
||||
extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec);
|
||||
|
||||
extern hydra_option hydra_options;
|
||||
extern char *HYDRA_EXIT;
|
||||
|
||||
int mcached_send_com_quit(int32_t sock) {
|
||||
|
|
@ -117,6 +118,8 @@ void service_mcached(char *ip, int32_t sp, unsigned char options, char *miscptr,
|
|||
switch (run) {
|
||||
case 1:
|
||||
next_run = start_mcached(sock, ip, port, options, miscptr, fp);
|
||||
if (next_run == 1 && hydra_options.conwait)
|
||||
sleep(hydra_options.conwait);
|
||||
break;
|
||||
case 2:
|
||||
hydra_child_exit(0);
|
||||
|
|
|
|||
|
|
@ -14,6 +14,7 @@ void dummy_mongodb() { printf("\n"); }
|
|||
|
||||
extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec);
|
||||
|
||||
extern hydra_option hydra_options;
|
||||
extern char *HYDRA_EXIT;
|
||||
char *buf;
|
||||
|
||||
|
|
@ -136,6 +137,8 @@ void service_mongodb(char *ip, int32_t sp, unsigned char options, char *miscptr,
|
|||
switch (run) {
|
||||
case 1:
|
||||
next_run = start_mongodb(sock, ip, port, options, miscptr, fp);
|
||||
if (next_run == 1 && hydra_options.conwait)
|
||||
sleep(hydra_options.conwait);
|
||||
break;
|
||||
case 2:
|
||||
hydra_child_exit(0);
|
||||
|
|
|
|||
|
|
@ -1,10 +1,14 @@
|
|||
#include "hydra-mod.h"
|
||||
|
||||
#define MSLEN 30
|
||||
|
||||
extern char *HYDRA_EXIT;
|
||||
char *buf;
|
||||
|
||||
#if defined(HAVE_SYBFRONT) && defined(HAVE_SYBDB)
|
||||
#include <sybdb.h>
|
||||
#include <sybfront.h>
|
||||
#endif
|
||||
|
||||
#define MSLEN 30
|
||||
|
||||
unsigned char p_hdr[] = "\x02\x00\x02\x00\x00\x00\x02\x00\x00\x00"
|
||||
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
|
||||
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
|
||||
|
|
@ -56,6 +60,7 @@ unsigned char p_lng[] = "\x02\x01\x00\x47\x00\x00\x02\x00\x00\x00\x00"
|
|||
int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
|
||||
char *empty = "";
|
||||
char *login, *pass, buffer[1024];
|
||||
char *ipaddr_str = hydra_address2string(ip);
|
||||
char ms_login[MSLEN + 1];
|
||||
char ms_pass[MSLEN + 1];
|
||||
unsigned char len_login, len_pass;
|
||||
|
|
@ -65,6 +70,42 @@ int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, ch
|
|||
login = empty;
|
||||
if (strlen(pass = hydra_get_next_password()) == 0)
|
||||
pass = empty;
|
||||
#if defined(HAVE_SYBFRONT) && defined(HAVE_SYBDB)
|
||||
if ((strlen(login) > MSLEN) || (strlen(pass) > MSLEN)){
|
||||
|
||||
DBPROCESS *dbproc;
|
||||
LOGINREC *attempt;
|
||||
|
||||
attempt = dblogin();
|
||||
|
||||
DBSETLUSER(attempt, login);
|
||||
DBSETLPWD(attempt, pass);
|
||||
|
||||
// Connect without specifying a database
|
||||
dbproc = dbopen(attempt, ipaddr_str);
|
||||
|
||||
if (dbproc != NULL) {
|
||||
dbclose(dbproc);
|
||||
dbexit();
|
||||
hydra_report_found_host(port, ip, "mssql", fp);
|
||||
hydra_completed_pair_found();
|
||||
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
|
||||
return 2;
|
||||
return 1;
|
||||
}
|
||||
|
||||
hydra_completed_pair();
|
||||
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
|
||||
return 2;
|
||||
|
||||
return 1;
|
||||
|
||||
}
|
||||
#else
|
||||
if ((strlen(login) > MSLEN) || (strlen(pass) > MSLEN)){
|
||||
fprintf(stderr,"[WARNING] To crack credentials longer than 30 characters, install freetds and recompile\n");
|
||||
}
|
||||
#endif
|
||||
if (strlen(login) > MSLEN)
|
||||
login[MSLEN - 1] = 0;
|
||||
if (strlen(pass) > MSLEN)
|
||||
|
|
@ -119,6 +160,10 @@ void service_mssql(char *ip, int32_t sp, unsigned char options, char *miscptr, F
|
|||
int32_t run = 1, next_run = 1, sock = -1;
|
||||
int32_t myport = PORT_MSSQL, mysslport = PORT_MSSQL_SSL;
|
||||
|
||||
#if defined(HAVE_SYBFRONT) && defined(HAVE_SYBDB)
|
||||
dbinit();
|
||||
#endif
|
||||
|
||||
hydra_register_socket(sp);
|
||||
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
|
||||
return;
|
||||
|
|
|
|||
|
|
@ -35,6 +35,7 @@ char *hydra_scramble(char *to, const char *message, const char *password);
|
|||
extern int32_t internal__hydra_recv(int32_t socket, char *buf, int32_t length);
|
||||
extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec);
|
||||
|
||||
extern hydra_option hydra_options;
|
||||
extern char *HYDRA_EXIT;
|
||||
char mysqlsalt[9];
|
||||
|
||||
|
|
@ -332,6 +333,8 @@ void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, F
|
|||
break;
|
||||
case 2: /* run the cracking function */
|
||||
next_run = start_mysql(sock, ip, port, options, miscptr, fp);
|
||||
if ((next_run == 1 || next_run == 2) && hydra_options.conwait)
|
||||
sleep(hydra_options.conwait);
|
||||
break;
|
||||
case 3: /* clean exit */
|
||||
if (sock >= 0) {
|
||||
|
|
|
|||
|
|
@ -19,6 +19,7 @@ void dummy_oracle_listener() { printf("\n"); }
|
|||
#include <openssl/des.h>
|
||||
#define HASHSIZE 17
|
||||
|
||||
extern hydra_option hydra_options;
|
||||
extern char *HYDRA_EXIT;
|
||||
char *buf;
|
||||
unsigned char *hash;
|
||||
|
|
@ -304,6 +305,8 @@ void service_oracle_listener(char *ip, int32_t sp, unsigned char options, char *
|
|||
}
|
||||
/* run the cracking function */
|
||||
next_run = start_oracle_listener(sock, ip, port, options, miscptr, fp);
|
||||
if (next_run == 1 && hydra_options.conwait)
|
||||
sleep(hydra_options.conwait);
|
||||
break;
|
||||
case 3: /* clean exit */
|
||||
if (sock >= 0)
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@ void dummy_oracle_sid() { printf("\n"); }
|
|||
#include <openssl/des.h>
|
||||
#define HASHSIZE 16
|
||||
|
||||
extern hydra_option hydra_options;
|
||||
extern char *HYDRA_EXIT;
|
||||
char *buf;
|
||||
unsigned char *hash;
|
||||
|
|
@ -113,6 +114,8 @@ void service_oracle_sid(char *ip, int32_t sp, unsigned char options, char *miscp
|
|||
}
|
||||
/* run the cracking function */
|
||||
next_run = start_oracle_sid(sock, ip, port, options, miscptr, fp);
|
||||
if (next_run == 1 && hydra_options.conwait)
|
||||
sleep(hydra_options.conwait);
|
||||
break;
|
||||
case 3: /* clean exit */
|
||||
if (sock >= 0)
|
||||
|
|
|
|||
|
|
@ -21,6 +21,7 @@ void dummy_oracle() { printf("\n"); }
|
|||
#include <stdbool.h>
|
||||
#include <sys/types.h>
|
||||
|
||||
extern hydra_option hydra_options;
|
||||
extern char *HYDRA_EXIT;
|
||||
|
||||
OCIEnv *o_environment;
|
||||
|
|
@ -165,6 +166,8 @@ void service_oracle(char *ip, int32_t sp, unsigned char options, char *miscptr,
|
|||
break;
|
||||
case 2:
|
||||
next_run = start_oracle(sock, ip, port, options, miscptr, fp);
|
||||
if ((next_run == 1 || next_run == 2) && hydra_options.conwait)
|
||||
sleep(hydra_options.conwait);
|
||||
break;
|
||||
case 3: /* clean exit */
|
||||
if (sock >= 0)
|
||||
|
|
|
|||
|
|
@ -109,7 +109,7 @@ char *pop3_read_server_capacity(int32_t sock) {
|
|||
buf[strlen(buf) - 1] = 0;
|
||||
if (buf[strlen(buf) - 1] == '\r')
|
||||
buf[strlen(buf) - 1] = 0;
|
||||
if (*(ptr) == '.' || *(ptr) == '-')
|
||||
if (buf[strlen(buf) - 1] == '.' || *(ptr) == '.' || *(ptr) == '-')
|
||||
resp = 1;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@ void dummy_postgres() { printf("\n"); }
|
|||
|
||||
#define DEFAULT_DB "template1"
|
||||
|
||||
extern hydra_option hydra_options;
|
||||
extern char *HYDRA_EXIT;
|
||||
|
||||
int32_t start_postgres(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
|
||||
|
|
@ -40,7 +41,7 @@ int32_t start_postgres(int32_t s, char *ip, int32_t port, unsigned char options,
|
|||
* Building the connection string
|
||||
*/
|
||||
|
||||
snprintf(connection_string, sizeof(connection_string), "host = '%s' dbname = '%s' user = '%s' password = '%s' ", hydra_address2string(ip), database, login, pass);
|
||||
snprintf(connection_string, sizeof(connection_string), "host = '%s' port = '%d' dbname = '%s' user = '%s' password = '%s' ", hydra_address2string(ip), port, database, login, pass);
|
||||
|
||||
if (verbose)
|
||||
hydra_report(stderr, "connection string: %s\n", connection_string);
|
||||
|
|
@ -99,6 +100,8 @@ void service_postgres(char *ip, int32_t sp, unsigned char options, char *miscptr
|
|||
* Here we start the password cracking process
|
||||
*/
|
||||
next_run = start_postgres(sock, ip, port, options, miscptr, fp);
|
||||
if ((next_run == 2 || next_run == 1) && hydra_options.conwait)
|
||||
sleep(hydra_options.conwait);
|
||||
break;
|
||||
case 3:
|
||||
if (sock >= 0)
|
||||
|
|
|
|||
30
hydra-rdp.c
30
hydra-rdp.c
|
|
@ -16,24 +16,30 @@ void dummy_rdp() { printf("\n"); }
|
|||
#else
|
||||
|
||||
#include <freerdp/freerdp.h>
|
||||
#include <freerdp/version.h>
|
||||
freerdp *instance = 0;
|
||||
BOOL rdp_connect(char *server, int32_t port, char *domain, char *login, char *password) {
|
||||
int32_t err = 0;
|
||||
|
||||
instance->settings->Username = login;
|
||||
instance->settings->Password = password;
|
||||
instance->settings->IgnoreCertificate = TRUE;
|
||||
rdpSettings* settings = instance->context->settings;
|
||||
|
||||
settings->Username = login;
|
||||
settings->Password = password;
|
||||
settings->IgnoreCertificate = TRUE;
|
||||
if (password[0] == 0)
|
||||
instance->settings->AuthenticationOnly = FALSE;
|
||||
settings->AuthenticationOnly = FALSE;
|
||||
else
|
||||
instance->settings->AuthenticationOnly = TRUE;
|
||||
instance->settings->ServerHostname = server;
|
||||
instance->settings->ServerPort = port;
|
||||
instance->settings->Domain = domain;
|
||||
instance->settings->MaxTimeInCheckLoop = 100;
|
||||
settings->AuthenticationOnly = TRUE;
|
||||
settings->ServerHostname = server;
|
||||
settings->ServerPort = port;
|
||||
settings->Domain = domain;
|
||||
|
||||
#if FREERDP_VERSION_MAJOR == 2
|
||||
settings->MaxTimeInCheckLoop = 100;
|
||||
#endif
|
||||
// freerdp timeout format is microseconds -> default:15000
|
||||
instance->settings->TcpConnectTimeout = hydra_options.waittime * 1000;
|
||||
instance->settings->TlsSecLevel = 0;
|
||||
settings->TcpConnectTimeout = hydra_options.waittime * 1000;
|
||||
settings->TlsSecLevel = 0;
|
||||
freerdp_connect(instance);
|
||||
err = freerdp_get_last_error(instance->context);
|
||||
return err;
|
||||
|
|
@ -125,6 +131,8 @@ void service_rdp(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
|
|||
else
|
||||
sleep(hydra_options.conwait);
|
||||
next_run = start_rdp(ip, myport, options, miscptr, fp);
|
||||
if (next_run == 1 && hydra_options.conwait)
|
||||
sleep(hydra_options.conwait);
|
||||
break;
|
||||
case 2: /* clean exit */
|
||||
freerdp_disconnect(instance);
|
||||
|
|
|
|||
|
|
@ -24,6 +24,11 @@ int32_t start_redis(int32_t s, char *ip, int32_t port, unsigned char options, ch
|
|||
return 1;
|
||||
}
|
||||
buf = hydra_receive_line(s);
|
||||
if (buf == NULL) {
|
||||
hydra_report(stderr, "[ERROR] Failed to receive response from Redis server.\n");
|
||||
return 3;
|
||||
}
|
||||
|
||||
if (buf[0] == '+') {
|
||||
hydra_report_found_host(port, ip, "redis", fp);
|
||||
hydra_completed_pair_found();
|
||||
|
|
|
|||
|
|
@ -6,7 +6,9 @@
|
|||
//
|
||||
//
|
||||
|
||||
#ifndef _GNU_SOURCE
|
||||
#define _GNU_SOURCE
|
||||
#endif
|
||||
|
||||
#include "hydra-mod.h"
|
||||
#include "sasl.h"
|
||||
|
|
|
|||
|
|
@ -14,6 +14,7 @@ const int32_t *__ctype_b;
|
|||
|
||||
extern void flood(); /* for -lm */
|
||||
|
||||
extern hydra_option hydra_options;
|
||||
extern char *HYDRA_EXIT;
|
||||
RFC_ERROR_INFO_EX error_info;
|
||||
|
||||
|
|
@ -99,6 +100,8 @@ void service_sapr3(char *ip, int32_t sp, unsigned char options, char *miscptr, F
|
|||
switch (run) {
|
||||
case 1: /* connect and service init function */
|
||||
next_run = start_sapr3(sock, ip, port, options, miscptr, fp);
|
||||
if (next_run == 1 && hydra_options.conwait)
|
||||
sleep(hydra_options.conwait);
|
||||
break;
|
||||
case 2:
|
||||
hydra_child_exit(0);
|
||||
|
|
|
|||
11
hydra-smb.c
11
hydra-smb.c
|
|
@ -1280,8 +1280,8 @@ int32_t start_smb(int32_t s, char *ip, int32_t port, unsigned char options, char
|
|||
} else if (SMBerr == 0x000193) { /* Valid password, account expired */
|
||||
hydra_report(stdout, "[%d][smb] Host: %s Account: %s Valid password, account expired\n", port, ipaddr_str, login);
|
||||
hydra_report_found_host(port, ip, "smb", fp);
|
||||
hydra_completed_pair_found();
|
||||
} else if ((SMBerr == 0x000224) || (SMBerr == 0xC20002)) { /* Valid password, account expired */
|
||||
hydra_completed_pair_skip();
|
||||
} else if ((SMBerr == 0x000224) || (SMBerr == 0xC20002)) { /* Valid password, password expired */
|
||||
hydra_report(stdout,
|
||||
"[%d][smb] Host: %s Account: %s Valid password, password "
|
||||
"expired and must be changed on next logon\n",
|
||||
|
|
@ -1304,14 +1304,13 @@ int32_t start_smb(int32_t s, char *ip, int32_t port, unsigned char options, char
|
|||
hydra_report(stderr, "[INFO] LM dialect may be disabled, try LMV2 instead\n");
|
||||
hydra_completed_pair_skip();
|
||||
} else if (SMBerr == 0x000024) { /* change password on next login [success] */
|
||||
hydra_report(stdout, "[%d][smb] Host: %s Account: %s Error: ACCOUNT_CHANGE_PASSWORD\n", port, ipaddr_str, login);
|
||||
hydra_report(stdout, "[%d][smb] Host: %s Account: %s Information: ACCOUNT_CHANGE_PASSWORD\n", port, ipaddr_str, login);
|
||||
hydra_completed_pair_found();
|
||||
} else if (SMBerr == 0x00006D) { /* STATUS_LOGON_FAILURE */
|
||||
hydra_completed_pair();
|
||||
} else if (SMBerr == 0x000071) { /* password expired */
|
||||
if (verbose)
|
||||
fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: PASSWORD EXPIRED\n", port, ipaddr_str, login);
|
||||
hydra_completed_pair_skip();
|
||||
hydra_report(stdout, "[%d][smb] Host: %s Account: %s Information: PASSWORD EXPIRED\n", port, ipaddr_str, login);
|
||||
hydra_completed_pair_found();
|
||||
} else if ((SMBerr == 0x000072) || (SMBerr == 0xBF0002)) { /* account disabled */ /* BF0002 on w2k */
|
||||
if (verbose)
|
||||
fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: ACCOUNT_DISABLED\n", port, ipaddr_str, login);
|
||||
|
|
|
|||
|
|
@ -27,6 +27,7 @@
|
|||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
extern hydra_option hydra_options;
|
||||
extern char *HYDRA_EXIT;
|
||||
|
||||
typedef struct creds {
|
||||
|
|
@ -173,10 +174,15 @@ bool smb2_run_test(creds_t *cr, const char *server, uint16_t port) {
|
|||
}
|
||||
|
||||
void service_smb2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
|
||||
static int first_run = 0;
|
||||
hydra_register_socket(sp);
|
||||
|
||||
while (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT))) {
|
||||
char *login, *pass;
|
||||
|
||||
if (first_run && hydra_options.conwait)
|
||||
sleep(hydra_options.conwait);
|
||||
|
||||
login = hydra_get_next_login();
|
||||
pass = hydra_get_next_password();
|
||||
|
||||
|
|
@ -191,6 +197,8 @@ void service_smb2(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
|
|||
} else {
|
||||
hydra_completed_pair();
|
||||
}
|
||||
|
||||
first_run = 1;
|
||||
}
|
||||
EXIT_NORMAL;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -47,6 +47,9 @@ int32_t start_ssh(int32_t s, char *ip, int32_t port, unsigned char options, char
|
|||
ssh_options_set(session, SSH_OPTIONS_TIMEOUT, &hydra_options.waittime);
|
||||
ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "none");
|
||||
ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "none");
|
||||
// might be better to add the legacy (first two for KEX and HOST) to the default instead of specifying the full list
|
||||
ssh_options_set(session, SSH_OPTIONS_KEY_EXCHANGE, "diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256");
|
||||
ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, "ssh-rsa,ssh-dss,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256");
|
||||
if (ssh_connect(session) != 0) {
|
||||
// if the connection was drop, exit and let hydra main handle it
|
||||
if (verbose)
|
||||
|
|
@ -119,6 +122,8 @@ void service_ssh(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
|
|||
switch (run) {
|
||||
case 1: /* connect and service init function */
|
||||
next_run = start_ssh(sock, ip, port, options, miscptr, fp);
|
||||
if (next_run == 1 && hydra_options.conwait)
|
||||
sleep(hydra_options.conwait);
|
||||
break;
|
||||
case 2:
|
||||
ssh_disconnect(session);
|
||||
|
|
@ -190,6 +195,9 @@ int32_t service_ssh_init(char *ip, int32_t sp, unsigned char options, char *misc
|
|||
ssh_options_set(session, SSH_OPTIONS_TIMEOUT, &hydra_options.waittime);
|
||||
ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "none");
|
||||
ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "none");
|
||||
// might be better to add the legacy (first two for KEX and HOST) to the default instead of specifying the full list
|
||||
ssh_options_set(session, SSH_OPTIONS_KEY_EXCHANGE, "diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256");
|
||||
ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, "ssh-rsa,ssh-dss,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256");
|
||||
if (ssh_connect(session) != 0) {
|
||||
fprintf(stderr, "[ERROR] could not connect to ssh://%s:%d - %s\n", hydra_address2string_beautiful(ip), port, ssh_get_error(session));
|
||||
return 2;
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@ void dummy_sshkey() { printf("\n"); }
|
|||
#if LIBSSH_VERSION_MAJOR >= 0 && LIBSSH_VERSION_MINOR >= 4
|
||||
|
||||
extern ssh_session session;
|
||||
extern hydra_option hydra_options;
|
||||
extern char *HYDRA_EXIT;
|
||||
extern int32_t new_session;
|
||||
|
||||
|
|
@ -117,6 +118,8 @@ void service_sshkey(char *ip, int32_t sp, unsigned char options, char *miscptr,
|
|||
switch (run) {
|
||||
case 1: /* connect and service init function */
|
||||
next_run = start_sshkey(sock, ip, port, options, miscptr, fp);
|
||||
if (next_run == 1 && hydra_options.conwait)
|
||||
sleep(hydra_options.conwait);
|
||||
break;
|
||||
case 2:
|
||||
ssh_disconnect(session);
|
||||
|
|
|
|||
|
|
@ -4,7 +4,9 @@
|
|||
#ifdef LIBSVN
|
||||
|
||||
/* needed on openSUSE */
|
||||
#ifndef _GNU_SOURCE
|
||||
#define _GNU_SOURCE
|
||||
#endif
|
||||
|
||||
#if !defined PATH_MAX && defined HAVE_SYS_PARAM_H
|
||||
#include <sys/param.h>
|
||||
|
|
@ -30,6 +32,7 @@ void dummy_svn() { printf("\n"); }
|
|||
|
||||
extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec);
|
||||
|
||||
extern hydra_option hydra_options;
|
||||
extern char *HYDRA_EXIT;
|
||||
|
||||
#define DEFAULT_BRANCH "trunk"
|
||||
|
|
@ -195,6 +198,8 @@ void service_svn(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL
|
|||
break;
|
||||
case 2:
|
||||
next_run = start_svn(sock, ip, port, options, miscptr, fp);
|
||||
if ((next_run == 1 || next_run == 2) && hydra_options.conwait)
|
||||
sleep(hydra_options.conwait);
|
||||
break;
|
||||
case 3:
|
||||
if (sock >= 0)
|
||||
|
|
|
|||
137
hydra.c
137
hydra.c
|
|
@ -228,7 +228,7 @@ char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cobaltstrike cvs fire
|
|||
#define RESTOREFILE "./hydra.restore"
|
||||
|
||||
#define PROGRAM "Hydra"
|
||||
#define VERSION "v9.5"
|
||||
#define VERSION "v9.6dev"
|
||||
#define AUTHOR "van Hauser/THC"
|
||||
#define EMAIL "<vh@thc.org>"
|
||||
#define AUTHOR2 "David Maciejak"
|
||||
|
|
@ -267,6 +267,7 @@ typedef struct {
|
|||
|
||||
typedef struct {
|
||||
char *target;
|
||||
char *miscptr;
|
||||
char ip[36];
|
||||
char *login_ptr;
|
||||
char *pass_ptr;
|
||||
|
|
@ -343,6 +344,11 @@ int32_t prefer_ipv6 = 0, conwait = 0, loop_cnt = 0, fck = 0, options = 0, killed
|
|||
int32_t child_head_no = -1, child_socket;
|
||||
int32_t total_redo_count = 0;
|
||||
|
||||
// requred for distributed attack capability
|
||||
uint32_t num_segments = 0;
|
||||
uint32_t my_segment = 0;
|
||||
char junk_file[50];
|
||||
|
||||
// moved for restore feature
|
||||
int32_t process_restore = 0, dont_unlink;
|
||||
char *login_ptr = NULL, *pass_ptr = "", *csv_ptr = NULL, *servers_ptr = NULL;
|
||||
|
|
@ -388,7 +394,7 @@ static const struct {
|
|||
{"http-get-form", service_http_form_init, service_http_get_form, usage_http_form},
|
||||
{"http-head", service_http_init, service_http_head, NULL},
|
||||
{"http-form", service_http_form_init, NULL, usage_http_form},
|
||||
{"http-post", NULL, service_http_post, usage_http},
|
||||
{"http-post", service_http_init, service_http_post, usage_http},
|
||||
{"http-post-form", service_http_form_init, service_http_post_form, usage_http_form},
|
||||
SERVICE3("http-proxy", http_proxy),
|
||||
SERVICE3("http-proxy-urlenum", http_proxy_urlenum),
|
||||
|
|
@ -519,6 +525,8 @@ void help(int32_t ext) {
|
|||
"instead of -L/-P options\n"
|
||||
" -M FILE list of servers to attack, one entry per "
|
||||
"line, ':' to specify port\n");
|
||||
PRINT_NORMAL(ext, " -D XofY Divide wordlist into Y segments and use the "
|
||||
"Xth segment.\n");
|
||||
PRINT_EXTEND(ext, " -o FILE write found login/password pairs to FILE instead of stdout\n"
|
||||
" -b FORMAT specify the format for the -o FILE: text(default), json, "
|
||||
"jsonv1\n"
|
||||
|
|
@ -1174,13 +1182,12 @@ void hydra_service_init(int32_t target_no) {
|
|||
int32_t x = 99;
|
||||
int32_t i;
|
||||
hydra_target *t = hydra_targets[target_no];
|
||||
char *miscptr = hydra_options.miscptr;
|
||||
FILE *ofp = hydra_brains.ofp;
|
||||
|
||||
for (i = 0; x == 99 && i < sizeof(services) / sizeof(services[0]); i++) {
|
||||
if (strcmp(hydra_options.service, services[i].name) == 0) {
|
||||
if (services[i].init) {
|
||||
x = services[i].init(t->ip, -1, options, miscptr, ofp, t->port, t->target);
|
||||
x = services[i].init(t->ip, -1, options, t->miscptr, ofp, t->port, t->target);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
|
@ -1264,13 +1271,13 @@ int32_t hydra_spawn_head(int32_t head_no, int32_t target_no) {
|
|||
|
||||
hydra_target *t = hydra_targets[target_no];
|
||||
int32_t sp = hydra_heads[head_no]->sp[1];
|
||||
char *miscptr = hydra_options.miscptr;
|
||||
// char *miscptr = hydra_options.miscptr;
|
||||
FILE *ofp = hydra_brains.ofp;
|
||||
hydra_target *head_target = hydra_targets[hydra_heads[head_no]->target_no];
|
||||
for (i = 0; i < sizeof(services) / sizeof(services[0]); i++) {
|
||||
if (strcmp(hydra_options.service, services[i].name) == 0) {
|
||||
if (services[i].exec) {
|
||||
services[i].exec(t->ip, sp, options, miscptr, ofp, t->port, head_target->target);
|
||||
services[i].exec(t->ip, sp, options, t->miscptr, ofp, t->port, head_target->target);
|
||||
// just in case a module returns (which it shouldnt) we let it exit
|
||||
// here
|
||||
exit(-1);
|
||||
|
|
@ -1591,6 +1598,73 @@ char *hydra_reverse_login(int32_t head_no, char *login) {
|
|||
return hydra_heads[head_no]->reverse;
|
||||
}
|
||||
|
||||
void delete_junk_files(){
|
||||
remove(junk_file);
|
||||
}
|
||||
|
||||
FILE *hydra_divide_file(FILE *file, uint32_t my_segment, uint32_t num_segments){
|
||||
|
||||
if(my_segment > num_segments){
|
||||
fprintf(stderr, "[ERROR] in option -D XofY, X must not be greater than Y: %s\n", hydra_options.passfile);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
FILE *output_file;
|
||||
char line[500];
|
||||
char output_file_name[50];
|
||||
|
||||
uint32_t line_number = 0;
|
||||
|
||||
double total_lines = countlines(file,0);
|
||||
|
||||
if(num_segments > total_lines){
|
||||
fprintf(stderr, "[ERROR] in option -D XofY, Y must not be greater than the total number of lines in the file to be divided: %s\n", hydra_options.passfile);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
double segment_size_double = total_lines / num_segments;
|
||||
|
||||
// round up segment_size_float to integer
|
||||
uint64_t segment_size = (uint64_t)segment_size_double;
|
||||
if(segment_size < segment_size_double)
|
||||
segment_size++;
|
||||
|
||||
uint64_t segment_start = segment_size * (my_segment - 1) + 1;
|
||||
uint64_t segment_end = segment_size * my_segment;
|
||||
|
||||
|
||||
|
||||
srand(time(NULL));
|
||||
int filetag = rand();
|
||||
|
||||
sprintf(output_file_name, "segment_%d_%d.txt",filetag, my_segment);
|
||||
output_file = fopen(output_file_name, "w");
|
||||
|
||||
if(!output_file){
|
||||
fprintf(stderr, "[ERROR] Segment file empty: %s\n", hydra_options.passfile);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
strcpy(junk_file, output_file_name);
|
||||
|
||||
atexit(delete_junk_files);
|
||||
|
||||
while(fgets(line, sizeof line, file) != NULL && line_number < segment_end){
|
||||
line_number++;
|
||||
|
||||
if(line_number >= segment_start && line_number <= segment_end)
|
||||
fprintf(output_file, "%s", line);
|
||||
|
||||
}
|
||||
|
||||
rewind(file);
|
||||
fclose(output_file);
|
||||
output_file = fopen(output_file_name, "r");
|
||||
|
||||
return output_file;
|
||||
|
||||
}
|
||||
|
||||
int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) {
|
||||
// variables moved to save stack
|
||||
snpdone = 0;
|
||||
|
|
@ -2045,7 +2119,7 @@ void process_proxy_line(int32_t type, char *string) {
|
|||
string[strlen(string) - 1] = 0;
|
||||
if (string[strlen(string) - 1] == '\r')
|
||||
string[strlen(string) - 1] = 0;
|
||||
if (proxy_count > MAX_PROXY_COUNT) {
|
||||
if (proxy_count >= MAX_PROXY_COUNT) {
|
||||
fprintf(stderr, "[WARNING] maximum amount of proxies loaded, ignoring this entry: %s\n", string);
|
||||
return;
|
||||
}
|
||||
|
|
@ -2171,13 +2245,13 @@ void process_proxy_line(int32_t type, char *string) {
|
|||
int main(int argc, char *argv[]) {
|
||||
char *proxy_string = NULL, *device = NULL, *memcheck;
|
||||
char *outfile_format_tmp;
|
||||
FILE *lfp = NULL, *pfp = NULL, *cfp = NULL, *ifp = NULL, *rfp = NULL, *proxyfp;
|
||||
FILE *lfp = NULL, *pfp = NULL, *cfp = NULL, *ifp = NULL, *rfp = NULL, *proxyfp, *filecloser=NULL;
|
||||
size_t countinfile = 1, sizeinfile = 0;
|
||||
uint64_t math2;
|
||||
int32_t i = 0, j = 0, k, error = 0, modusage = 0, ignore_restore = 0, do_switch;
|
||||
int32_t head_no = 0, target_no = 0, exit_condition = 0, readres;
|
||||
time_t starttime, elapsed_status, elapsed_restore, status_print = 59, tmp_time;
|
||||
char *tmpptr, *tmpptr2;
|
||||
char *tmpptr, *tmpptr2, *tmpptr3;
|
||||
char rc, buf[MAXBUF];
|
||||
time_t last_attempt = 0;
|
||||
fd_set fdreadheads;
|
||||
|
|
@ -2307,6 +2381,7 @@ int main(int argc, char *argv[]) {
|
|||
hydra_options.loginfile = NULL;
|
||||
hydra_options.pass = NULL;
|
||||
hydra_options.passfile = NULL;
|
||||
hydra_options.distributed = NULL;
|
||||
hydra_options.tasks = TASKS;
|
||||
hydra_options.max_use = MAXTASKS;
|
||||
hydra_options.outfile_format = FORMAT_PLAIN_TEXT;
|
||||
|
|
@ -2320,8 +2395,18 @@ int main(int argc, char *argv[]) {
|
|||
help(1);
|
||||
if (argc < 2)
|
||||
help(0);
|
||||
while ((i = getopt(argc, argv, "hIq64Rrde:vVl:fFg:L:p:OP:o:b:M:C:t:T:m:w:W:s:SUux:yc:K")) >= 0) {
|
||||
while ((i = getopt(argc, argv, "hIq64Rrde:vVl:fFg:D:L:p:OP:o:b:M:C:t:T:m:w:W:s:SUux:yc:K")) >= 0) {
|
||||
switch (i) {
|
||||
case 'D':
|
||||
hydra_options.distributed = optarg;
|
||||
if (sscanf(hydra_options.distributed, "%dof%d", &my_segment, &num_segments) != 2) {
|
||||
fprintf(stderr, "Invalid format. Expected format -D XofY where X and Y are integers.\n");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
else{
|
||||
fprintf(stdout, "Option \'D\': successfully set X to %d and Y to %d\n", my_segment, num_segments);
|
||||
}
|
||||
break;
|
||||
case 'h':
|
||||
help(1);
|
||||
break;
|
||||
|
|
@ -3201,6 +3286,7 @@ int main(int argc, char *argv[]) {
|
|||
bail("Compiled without SSL support, module not available");
|
||||
#endif
|
||||
}
|
||||
if (hydra_options.infile_ptr == NULL) {
|
||||
if (hydra_options.miscptr == NULL) {
|
||||
fprintf(stderr, "[WARNING] You must supply the web page as an "
|
||||
"additional option or via -m, default path set to /\n");
|
||||
|
|
@ -3276,6 +3362,7 @@ int main(int argc, char *argv[]) {
|
|||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (strcmp(hydra_options.service, "xmpp") == 0)
|
||||
i = 1;
|
||||
|
|
@ -3402,6 +3489,13 @@ int main(int argc, char *argv[]) {
|
|||
fprintf(stderr, "[ERROR] File for logins not found: %s\n", hydra_options.loginfile);
|
||||
exit(-1);
|
||||
}
|
||||
else if (hydra_options.passfile == NULL){
|
||||
if(my_segment && num_segments){
|
||||
filecloser = lfp;
|
||||
lfp = hydra_divide_file(lfp, my_segment, num_segments);
|
||||
fclose(filecloser);
|
||||
}
|
||||
}
|
||||
hydra_brains.countlogin = countlines(lfp, 0);
|
||||
hydra_brains.sizelogin = size_of_data;
|
||||
if (hydra_brains.countlogin == 0) {
|
||||
|
|
@ -3434,6 +3528,11 @@ int main(int argc, char *argv[]) {
|
|||
fprintf(stderr, "[ERROR] File for passwords not found: %s\n", hydra_options.passfile);
|
||||
exit(-1);
|
||||
}
|
||||
else if(my_segment && num_segments){
|
||||
filecloser = pfp;
|
||||
pfp = hydra_divide_file(pfp, my_segment, num_segments);
|
||||
fclose(filecloser);
|
||||
}
|
||||
hydra_brains.countpass = countlines(pfp, 0);
|
||||
hydra_brains.sizepass = size_of_data;
|
||||
if (hydra_brains.countpass == 0) {
|
||||
|
|
@ -3488,6 +3587,11 @@ int main(int argc, char *argv[]) {
|
|||
fprintf(stderr, "[ERROR] File for colon files (login:pass) not found: %s\n", hydra_options.colonfile);
|
||||
exit(-1);
|
||||
}
|
||||
else if(my_segment && num_segments){
|
||||
filecloser = cfp;
|
||||
cfp = hydra_divide_file(cfp, my_segment, num_segments);
|
||||
fclose(filecloser);
|
||||
}
|
||||
hydra_brains.countlogin = countlines(cfp, 1);
|
||||
hydra_brains.sizelogin = size_of_data;
|
||||
if (hydra_brains.countlogin == 0) {
|
||||
|
|
@ -3591,6 +3695,7 @@ int main(int argc, char *argv[]) {
|
|||
}
|
||||
} else
|
||||
hydra_targets[i]->target = tmpptr;
|
||||
|
||||
if ((tmpptr2 = strchr(tmpptr, ':')) != NULL) {
|
||||
*tmpptr2++ = 0;
|
||||
tmpptr = tmpptr2;
|
||||
|
|
@ -3600,6 +3705,13 @@ int main(int argc, char *argv[]) {
|
|||
}
|
||||
if (hydra_targets[i]->port == 0)
|
||||
hydra_targets[i]->port = hydra_options.port;
|
||||
|
||||
if ((tmpptr3 = strchr(tmpptr, '/')) != NULL) {
|
||||
hydra_targets[i]->miscptr = tmpptr3;
|
||||
}
|
||||
else
|
||||
hydra_targets[i]->miscptr = "/";
|
||||
|
||||
while (*tmpptr != 0)
|
||||
tmpptr++;
|
||||
tmpptr++;
|
||||
|
|
@ -3622,6 +3734,7 @@ int main(int argc, char *argv[]) {
|
|||
memset(hydra_targets[0], 0, sizeof(hydra_target));
|
||||
hydra_targets[0]->target = servers_ptr = hydra_options.server;
|
||||
hydra_targets[0]->port = hydra_options.port;
|
||||
hydra_targets[0]->miscptr = hydra_options.miscptr;
|
||||
sizeservers = strlen(hydra_options.server) + 1;
|
||||
} else {
|
||||
/* CIDR notation on command line, e.g. 192.168.0.0/24 */
|
||||
|
|
@ -3666,6 +3779,7 @@ int main(int argc, char *argv[]) {
|
|||
memcpy(&target.sin_addr.s_addr, (char *)&addr_cur2, 4);
|
||||
hydra_targets[i]->target = strdup(inet_ntoa((struct in_addr)target.sin_addr));
|
||||
hydra_targets[i]->port = hydra_options.port;
|
||||
hydra_targets[i]->miscptr = hydra_options.miscptr;
|
||||
addr_cur++;
|
||||
i++;
|
||||
}
|
||||
|
|
@ -3681,6 +3795,7 @@ int main(int argc, char *argv[]) {
|
|||
memset(hydra_targets[0], 0, sizeof(hydra_target));
|
||||
hydra_targets[0]->target = servers_ptr = hydra_options.server;
|
||||
hydra_targets[0]->port = hydra_options.port;
|
||||
hydra_targets[0]->miscptr = hydra_options.miscptr;
|
||||
sizeservers = strlen(hydra_options.server) + 1;
|
||||
}
|
||||
for (i = 0; i < hydra_brains.targets; i++) {
|
||||
|
|
@ -4113,7 +4228,7 @@ int main(int argc, char *argv[]) {
|
|||
} else if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) {
|
||||
printf("[%d][%s] host: %s login: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr);
|
||||
} else
|
||||
printf("[%d][%s] host: %s login: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr);
|
||||
printf("[%d][%s] host: %s misc: %s login: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_targets[hydra_heads[head_no]->target_no]->miscptr, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr);
|
||||
}
|
||||
if (hydra_options.outfile_format == FORMAT_JSONV1 && hydra_options.outfile_ptr != NULL && hydra_brains.ofp != NULL) {
|
||||
fprintf(hydra_brains.ofp,
|
||||
|
|
|
|||
1
hydra.h
1
hydra.h
|
|
@ -194,6 +194,7 @@ typedef struct {
|
|||
int32_t cidr;
|
||||
int32_t time_next_attempt;
|
||||
output_format_t outfile_format;
|
||||
char *distributed; // Use distributed computing by splitting user files on the fly
|
||||
char *login;
|
||||
char *loginfile;
|
||||
char *pass;
|
||||
|
|
|
|||
|
|
@ -50,7 +50,7 @@ int main(int argc, char *argv[]) {
|
|||
int32_t sets = 0, countsets = 0, minlen = 0, maxlen = MAXLENGTH, count = 0;
|
||||
int32_t set_low = 0, set_up = 0, set_no = 0, set_print = 0, set_other = 0;
|
||||
FILE *in = stdin, *out = stdout;
|
||||
char buf[MAXLENGTH + 1];
|
||||
unsigned char buf[MAXLENGTH + 1];
|
||||
|
||||
prg = argv[0];
|
||||
if (argc < 2)
|
||||
|
|
@ -124,9 +124,9 @@ int main(int argc, char *argv[]) {
|
|||
if (countsets == 0)
|
||||
countsets = sets;
|
||||
|
||||
while (fgets(buf, sizeof(buf), in) != NULL) {
|
||||
i = -1;
|
||||
if (buf[0] == 0)
|
||||
while (fgets((void *)buf, sizeof(buf), in) != NULL) {
|
||||
int is_low = 0, is_up = 0, is_no = 0, is_print = 0, is_other = 0;
|
||||
if (!buf[0])
|
||||
continue;
|
||||
if (buf[strlen(buf) - 1] == '\n')
|
||||
buf[strlen(buf) - 1] = 0;
|
||||
|
|
@ -134,40 +134,31 @@ int main(int argc, char *argv[]) {
|
|||
buf[strlen(buf) - 1] = 0;
|
||||
if (strlen(buf) >= minlen && strlen(buf) <= maxlen) {
|
||||
i = 0;
|
||||
if (countsets > 0) {
|
||||
if (set_low)
|
||||
if (strpbrk(buf, "abcdefghijklmnopqrstuvwxyz") != NULL)
|
||||
i++;
|
||||
if (set_up)
|
||||
if (strpbrk(buf, "ABCDEFGHIJKLMNOPQRSTUVWXYZ") != NULL)
|
||||
i++;
|
||||
if (set_no)
|
||||
if (strpbrk(buf, "0123456789") != NULL)
|
||||
i++;
|
||||
if (set_print) {
|
||||
j = 0;
|
||||
for (k = 0; k < strlen(buf); k++)
|
||||
if (isprint((int32_t)buf[k]) != 0 && isalnum((int32_t)buf[k]) == 0)
|
||||
j = 1;
|
||||
if (j)
|
||||
i++;
|
||||
}
|
||||
if (set_other) {
|
||||
for (i = 0; i < strlen(buf) && j; i++) {
|
||||
j = 0;
|
||||
for (k = 0; k < strlen(buf); k++)
|
||||
if (isprint((int32_t)buf[k]) == 0 && isalnum((int32_t)buf[k]) == 0)
|
||||
if (set_low && islower(buf[i])) {
|
||||
j = 1;
|
||||
if (j)
|
||||
i++;
|
||||
is_low = 1;
|
||||
} else if (set_up && isupper(buf[i])) {
|
||||
j = 1;
|
||||
is_up = 1;
|
||||
} else if (set_no && isdigit(buf[i])) {
|
||||
j = 1;
|
||||
is_no = 1;
|
||||
} else if (set_print && isprint(buf[i]) && !isalnum(buf[i])) {
|
||||
j = 1;
|
||||
is_print = 1;
|
||||
} else if (set_other && !isprint(buf[i])) {
|
||||
j = 1;
|
||||
is_other = 1;
|
||||
}
|
||||
}
|
||||
if (i >= countsets) {
|
||||
if (j && countsets <= is_low + is_up + is_no + is_print + is_other) {
|
||||
fprintf(out, "%s\n", buf);
|
||||
count++;
|
||||
}
|
||||
}
|
||||
/* fprintf(stderr, "[DEBUG] i: %d minlen: %d maxlen: %d len: %d\n", i,
|
||||
* minlen, maxlen, strlen(buf)); */
|
||||
}
|
||||
fclose(in);
|
||||
fclose(out);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue